New MIT Tool Quickly Roots Out Hidden Web App Security Bugs

It’s a funny time for software testing. As more and more software is replaced by web applications—the cloud, that is—software bugs have increasingly come to mean security holes. That is, interacting with software now so often means exposing data, which means trusting the builders of said software to entirely new degrees. And, as builders, we really need to not fuck that up.

Software testing—or debugging—is intense, tedious, and imperfect. Hence, software is full of bugs. Hence, software producers offer sometimes very large cash bounties to people that can find those bugs. A funny time.

Computer scientists from MIT have developed a new automated tool, known simply as Space, that can quickly comb through many thousands of lines of code written in the popular web framework Ruby on Rails looking for security vulnerabilities. In testing 50 popular RoR web applications, the tool, which will be presented at the International Conference on Software Engineering in May, turned up 23 previously undiagnosed vulnerabilities. The longest it took to analyze any one program was 64 seconds.